I'm looking for a cryptographic technique that instead of permuting a cleartext, would add noise to the cleartext to obfuscate the true text among a bunch of garbage. For example, a list of 10 numbers would be combined with a list of 90 random ones with the goal of making the true set of numbers difficult to recover.

I need an attacker to believe that the message is not encrypted. I'm trying to obfuscate a set of GPS coordinates that need to be submitted to a third party but the original route needs to be recoverable with only a key.

Is there a principled way to do this? One idea is to use a secure PRNG to generate the 'noise' and, assuming there is no collisions, regenerate the noise on the receiver side and filter to decrypt. Any pointers to other techniques would be appreciated.

Why would you be looking for such a technique? One obvious problem with this is that it unavoidably leaks some information to the attacker. For example, if you have a list of numbers (which do not include the value 7), and you encrypt it, and the garbage you insert also do not contain a 7, then the attacker can deduce that the value 7 did not appear in the plaintext. Given that commonly accepted encryption methods do not have this drawback, why are you specifically looking for a method that does?
–
ponchoNov 22 '13 at 19:27

@poncho - I need an attacker to believe that the message is not encrypted. I'm trying to obfuscate a set of GPS coordinates that need to be submitted to a third party but the original route needs to be recoverable with only a key. Obviously the several fold incraese in data is a problme, but I'm ignoring that for now
–
argybargy3Nov 22 '13 at 19:32

4

Treat the GPS coordinates as an integer string and use format-preserving encryption to produce a ciphertext that is also a valid set of GPS coordinates.
–
pg1989Nov 22 '13 at 20:29

3 Answers
3

You first need to consider your adversary and what are your goals for this mechanism.

This kind of mechanism appears less effective than proper cryptographic means:

having secure PRNG means that both ends of the message exchange have access to some proper cryptographic means

Adding noise means that the information exchange is less efficient: there is much more information to exchange

Even when garbage is added, some cryptanalysis techniques could be effective in retrieving the true text from the garbage.

The principled way (in my humble opinion) would be to use proper cryptographic primitives. Otherwise, you risk getting your system efficiently attacked by attacker who know the system (Kerckhoff's principle).

Steganography

Steganography is about encoding and hiding message so that only sender and recipient should detect existence of the message. Steganographic techniques often involve adding various materials to make it easier to detect the message. I recommend studying steganographic techniques (in case you do not follow advice on just using cryptography) because there you may find partial aid for your problem.

Format preserving encryption

If the target is to make it look like it has not been encrypted, one possibility is to use format preserving encryption for encryption instead of adding garbage.

add noise to the cleartext to obfuscate the true text among a bunch
of garbage
....
I need an attacker to believe that the message is not encrypted

So first of all, a small disclaimer. You realize that regular encryption standards would be much stronger and existing libraries are designed to handle data. On top of that it's generally not a good idea to write your own crypto. This is an irregular request, but what you're asking is still understandable since not exposing the act of encryption has it's own advantages in terms of security.

Now, if you want the data to look authentic, you could go with a PRNG to XOR (link) the binary form of the data. This is actually related to the one-time pad, which is considered strong if used once. You could also use FPE (link) where you basically set the format to some specific length and use that as a block and permute the integers within it.

You could also use some kind of cipher and then put an anagram (link) together so that the original word(s) get obfuscated. This probably won't be expected because it takes more computing power to find a sensible anagram (may need to check a dictionary), and then provide some key to allow decoding. Also, it's not considered very strong because a supercomputer would just rip it apart.

Realistically, if you're deadset of making this, I'd use some form of strong encryption (like AES for any symmetric or RSA/elliptic curves for asymmetric) along with it maybe as a precursor, then try to piece the resulting blocks back together in some kind of believable format that looks like a combination of numbers/letters that look like a real message. The amount of programming involved in doing that, and the computing power needed to run that kind of code, is why you probably won't see this being done very often. Most systems just encrypt and that's considered plenty secure.